ERROR: (gcloud.builds.submit) Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object

About

Asked 31/10, 2021 at 19:0 Answered 31/10, 2021 at 20:26

google-cloud-platform google-cloud-storage service-accounts google-cloud-build google-cloud-shell

I am trying to build a docker image from the Pub/Sub tutorial on Google (link here). I am running this command: gcloud builds submit --tag gcr.io/project_id/pubsub but for some reason I get the error mentioned in the title: ERROR: (gcloud.builds.submit) INVALID_ARGUMENT: could not resolve source: googleapi: Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object., forbidden. I gave the service account the roles/storage.admin role and that didn't work. I even went as far as made the service account an owner and I still got the same error.

Layoff answered 31/10, 2021 at 19:0 Comment(0)

I figured it out. When using Cloud Build, GCP uses an entirely separate service account for this. It looks something like: <random-id>@cloudbuild.gserviceaccount.com. Add the Cloud Build Service Account role and the Storage Admin role to this service account fixed the problem.

Layoff answered 31/10, 2021 at 20:26 Comment(2)

The ID isn't random, it's the project number that the service account belongs to. – Cadmarr 18/11, 2021 at 17:46

I tried your way but still got the error. – Bohannan 3/9, 2022 at 2:54

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags